Viruses may be linked

While the Zotob worms received a lot of attention in the press last month, they seem to have been far less damaging in the wild: no Zotob variants make it into security firm Sophos’ top ten list of threats for August. However, the company’s latest report warns that the Mytob and Zotob viruses may indeed have been written by the same author.

The report, compiled from Sophos’s global network of monitoring stations, reveals that Netsky-P, the worm written by the convicted German teenager, Sven Jaschan, was once again the leading threat, representing 14.9% of all incidents reported to Sophos. Overall, variants of the Mytob worm represented over half, 54%, of all viruses reported to Sophos in August.

In addition, research now suggests that the Zotob group of viruses is also directly linked to Mytob, the company claimed. “Mytob and Zotob may spread in different ways, but the source code is very similar,” said Carole Theriault, security consultant at Sophos. “Moreover, the Zotob author’s nickname, Diabl0, appears in more than twenty of the Mytob variants, suggesting that they may have been created by the same person. One thing is for sure — Mytob is still causing chaos in organisations that haven’t updated their virus protection and patched software vulnerabilities,” she added.

Zotob captured a lot of media attention when it appeared last month, in part because it hit several large news organisations, including CNN and The New York Times. However, regional security experts said they thought its actual threat had been contained for the Middle East. “By the time many users had actually turned on their systems here, the automatic update service had had a chance to get to work,” Justin Doo, managing director of Trend Micro MEA, told IT Weekly (see IT Weekly 27 August – 2 September 2005).

According to the Sophos report, only one in 50 e-mails, 1.99%, were viral, a significant drop when compared to the May results of one in 38 e-mails. However, the security firm put this down to users taking a holiday rather than the virus writers themselves: “Rather than being a sign that virus writers are giving up trying to infect computers, the reason for this decrease is most likely due to August being a favourite holiday time for many people,” explained Theriault. “While people are enjoying a cocktail of sun, sea and sand, a large number of computers are switched off and therefore immune to infection,” she claimed.

In total, Sophos identified and protected against 1,626 new viruses in August. The total number of viruses Sophos now protects against is 109,244.